Contents

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

1 Enterprise Deployment Overview

• 1.1 What is an Enterprise Deployment?
• 1.2 Terminology
• 1.3 Benefits of Oracle Recommendations
  • 1.3.1 Built-in Security
  • 1.3.2 High Availability
• 1.4 The Enterprise Deployment Reference Topologies
  • 1.4.1 Oracle Access Manager 11g
  • 1.4.2 Oracle Access Manager 11g and Oracle Identity Manager 11g
  • 1.4.3 Oracle Adaptive Access Manager 11g
  • 1.4.4 Oracle Identity Federation 11g
• 1.5 Understanding the Topology Tiers
  • 1.5.1 Understanding the Directory Tier
  • 1.5.2 Understanding the Application Tier
    • 1.5.2.1 Architecture Notes
    • 1.5.2.2 High Availability Provisions
    • 1.5.2.3 Security Provisions
  • 1.5.3 Understanding the Web Tier
    • 1.5.3.1 Architecture Notes
    • 1.5.3.2 Security Provisions
• 1.6 Using This Guide

2 Prerequisites for Enterprise Deployments

• 2.1 Hardware Resource Planning
• 2.2 Network Prerequisites
  • 2.2.1 Load Balancers
  • 2.2.2 Configuring Virtual Server Names and Ports on the Load Balancer
  • 2.2.3 Virtual IP Addresses
  • 2.2.4 Managing Oracle Fusion Middleware Component Connections
  • 2.2.5 Oracle Access Manager Communication Protocol and Terminology
    • 2.2.5.1 Oracle Access Manager Protocols
    • 2.2.5.2 Overview of User Request
  • 2.2.6 Firewall and Port Configuration
• 2.3 WebLogic Domain Considerations
• 2.4 Shared Storage and Recommended Directory Structure
  • 2.4.1 Directory Structure Terminology and Environment Variables
  • 2.4.2 Recommended Locations for the Different Directories

3 Configuring the Database Repositories

• 3.1 Real Application Clusters
• 3.2 Configuring the Database for Oracle Fusion Middleware 11g Metadata
  • 3.2.1 Creating a Real Applications Clusters Database
  • 3.2.2 Creating Database Services for 10.x and 11.1.x Databases
  • 3.2.3 Creating Database Services for 11.2.x Databases
  • 3.2.4 Database Tuning
• 3.3 Executing the Repository Creation Utility
  • 3.3.1 Procedure for Executing RCU
  • 3.3.2 RCU Example

4 Installing the Software

• 4.1 Introduction
• 4.2 Using this Guide
• 4.3 Software Installation Summary
• 4.4 Installing Oracle HTTP Server
  • 4.4.1 Prerequisites
    • 4.4.1.1 Check Port 7777
    • 4.4.1.2 Check oraInst.loc
  • 4.4.2 Installation
  • 4.4.3 Upgrading Oracle HTTP Server from 11.1.1.2 to 11.1.1.5
• 4.5 Installing Oracle Fusion Middleware
  • 4.5.1 Installing Oracle Fusion Middleware Components
  • 4.5.2 Installing Oracle Fusion Middleware Home
  • 4.5.3 Installing JRockit
  • 4.5.4 Installing Oracle WebLogic Server
    • 4.5.4.1 General Prerequisites for Installing WebLogic
    • 4.5.4.2 Invoking the WebLogic Installer
    • 4.5.4.3 Installing Oracle WebLogic Server
  • 4.5.5 Installing Oracle Identity Management
  • 4.5.6 Upgrading the Oracle Homes for Oracle Identity Management from 11.1.1.2 to 11.1.1.5
  • 4.5.7 Installing the Oracle SOA Suite
  • 4.5.8 Installing Oracle Identity and Access Management
• 4.6 Applying Patches and Workarounds
  • 4.6.1 Patching the Oracle Database
    • 4.6.1.1 Patch Requirements for Oracle Database 11g (11.1.0.7)
    • 4.6.1.2 Patch Requirements for Oracle Database 11g (11.2.0.2.0)
  • 4.6.2 Patches for Fusion Middleware
  • 4.6.3 Provisioning the OIM Login Modules Under the WebLogic Server Library Directory
  • 4.6.4 Creating the wlfullclient.jar File
• 4.7 Backing Up the Installation

5 Configuring the Web Tier

• 5.1 Configuring the Oracle Web Tier
  • 5.1.1 Configuring the HTTP Server
  • 5.1.2 Validating the Installation
• 5.2 Configuring Virtual Hosts
• 5.3 Configuring Oracle HTTP Server to Run as Software Owner
• 5.4 Validating the Installation
• 5.5 Backing up the Web Tier Configuration

6 Creating the WebLogic Server Domain for Identity Management

• 6.1 Enabling ADMINVHN on IDMHOST1
• 6.2 Running the Configuration Wizard on IDMHOST1 to Create a Domain
• 6.3 Creating boot.properties for the WebLogic Administration Server on IDMHOST1
• 6.4 Starting Node Manager on IDMHOST1
• 6.5 Updating the Node Manager Credentials
• 6.6 Validating the WebLogic Administration Server
• 6.7 Disabling Host Name Verification for the Oracle WebLogic Administration Server
• 6.8 Stopping and Starting the WebLogic Administration Server
• 6.9 Configuring Oracle HTTP Server for the WebLogic Administration Server
• 6.10 Registering Oracle HTTP Server with WebLogic Server
• 6.11 Setting the Front End URL for the Administration Console
• 6.12 Enabling WebLogic Plug-in
• 6.13 Validating Access Through Oracle HTTP Server
• 6.14 Manually Failing Over the WebLogic Administration Server
  • 6.14.1 Failing over the Administration Server to IDMHOST2
  • 6.14.2 Starting the Administration Server on IDMHOST2
  • 6.14.3 Validating Access to IDMHOST2 Through Oracle HTTP Server
  • 6.14.4 Failing the Administration Server Back to IDMHOST1
• 6.15 Backing Up the WebLogic Domain

7 Extending the Domain with Oracle Internet Directory

• 7.1 Identity Store and Policy Store in Oracle Internet Directory
• 7.2 Prerequisites for Configuring Oracle Identity Directory Instances
• 7.3 Configuring the Oracle Internet Directory Instances
  • 7.3.1 Configuring the First Oracle Internet Directory Instance
  • 7.3.2 Configuring an Additional Oracle Internet Directory Instance
• 7.4 Post-Configuration Steps
  • 7.4.1 Registering Oracle Internet Directory with the WebLogic Server Domain
  • 7.4.2 Considering Oracle Internet Directory Password Policies
• 7.5 Validating the Oracle Internet Directory Instances
• 7.6 Tuning Oracle Internet Directory
• 7.7 Backing up the Oracle Internet Directory Configuration

8 Extending the Domain with Oracle Directory Integration Platform and ODSM

• 8.1 Extending the Oracle WebLogic Domain with Oracle Directory Integration Platform and ODSM
• 8.2 Expanding the Oracle Directory Integration Platform and ODSM Cluster
  • 8.2.1 Installing and Configuring Oracle Directory Integration Platform and ODSM on IDMHOST2
  • 8.2.2 Post-Installation Step: Copying Oracle Directory Integration Platform to wls_ods2
  • 8.2.3 Configure the Enterprise Manager Agents
• 8.3 Provisioning the Managed Servers in the Managed Server Directory
• 8.4 Configuring ODSM to work with the Oracle Web Tier
  • 8.4.1 Prerequisites
  • 8.4.2 Configuring Oracle HTTP Servers to Access the ODSM Console
• 8.5 Validating the Application Tier Configuration
  • 8.5.1 Validating Oracle Directory Services Manager
  • 8.5.2 Validating Oracle Directory Integration Platform
• 8.6 Backing Up the Application Tier Configuration

9 Extending the Domain with Oracle Virtual Directory

• 9.1 Prerequisites for Configuring Oracle Virtual Directory Instances
• 9.2 When to use Oracle Virtual Directory
• 9.3 Configuring the Oracle Virtual Directory Instances
  • 9.3.1 Configuring the First Oracle Virtual Directory Instance
  • 9.3.2 Configuring an Additional Oracle Virtual Directory
• 9.4 Post-Configuration Steps
  • 9.4.1 Registering Oracle Virtual Directory with the Oracle WebLogic Server Domain
• 9.5 Disable Oracle Virtual Directory Listener SSL NIO
• 9.6 Validating the Oracle Virtual Directory Instances
• 9.7 Creating ODSM Connections to Oracle Virtual Directory
• 9.8 Creating Adapters in Oracle Virtual Directory
  • 9.8.1 Creating Adapters for Oracle Internet Directory
    • 9.8.1.1 User Adapter for Oracle Internet Directory
    • 9.8.1.2 Changelog Adapter for Oracle Internet Directory
  • 9.8.2 Creating Adapters for Microsoft Active Directory Server
    • 9.8.2.1 User Adapter for Active Directory
    • 9.8.2.2 Changelog Adapter for Active Directory
  • 9.8.3 Creating Adapters for Oracle Directory Server Enterprise Edition or Sun Java System Directory Server
    • 9.8.3.1 User Adapter for ODSEE
    • 9.8.3.2 Changelog Adapter for ODSEE
  • 9.8.4 Validating the Oracle Virtual Directory Adapters
• 9.9 Tuning Oracle Virtual Directory
• 9.10 Backing Up the Oracle Virtual Directory Configuration

10 Preparing Directories Other than Oracle Internet Directory

• 10.1 Preparing a Directory for Oracle Access Manager and Oracle Identity Manager
  • 10.1.1 Configuring Active Directory for Use with Oracle Access Manager and Oracle Identity Manager
  • 10.1.2 Configuring Oracle Directory Server Enterprise Edition or Sun Java System Directory Server
• 10.2 Configuring Multiple Directories as an Identity Store: Split Profile with Oracle Virtual Directory
  • 10.2.1 Prerequisites
  • 10.2.2 Repository Descriptions
  • 10.2.3 Setting Up Oracle Internet Directory as a Shadow Directory
  • 10.2.4 Directory Structure Overview - Shadow Join
  • 10.2.5 Configuring Adapters and Plug-ins
    • 10.2.5.1 Creating User Adapter for Active Directory Server
    • 10.2.5.2 Creating Shadowjoiner User Adapter
    • 10.2.5.3 Creating JoinView Adapter
    • 10.2.5.4 Creating User/Role Adapter for Oracle Internet Directory
    • 10.2.5.5 Creating Changelog adapter for Active Directory Server
    • 10.2.5.6 Creating Changelog Adapter for Oracle Internet Directory
    • 10.2.5.7 Validate Oracle Virtual Directory Changelog
    • 10.2.5.8 Configuring a Global Consolidated Changelog Plug-in
• 10.3 Configuring Multiple Directories as an Identity Store: Distinct User and Group Populations in Multiple Directories
  • 10.3.1 Directory Structure Overview (Internal - External)
  • 10.3.2 Configuring Oracle Virtual Directory Adapters and Plug-ins
    • 10.3.2.1 User/Role Adapter A1
    • 10.3.2.2 User/Role Adapter A2
    • 10.3.2.3 Changelog Adapter C1
    • 10.3.2.4 Changelog Adapter C2
    • 10.3.2.5 Creating Oracle Virtual Directory Global Plug-in

11 Preparing Identity and Policy Stores

• 11.1 Backing up the LDAP Directories
• 11.2 Prerequisites
• 11.3 Preparing the OPSS Policy Store
  • 11.3.1 Creating Policy Store Users and the Policy Container
  • 11.3.2 Reassociating the Policy and Credential Store
• 11.4 Preparing the Identity Store
  • 11.4.1 Extending Directory Schema for Oracle Access Manager
  • 11.4.2 Creating Users and Groups for Oracle Access Manager
  • 11.4.3 Creating Users and Groups for Oracle Adaptive Access Manager
  • 11.4.4 Creating Users and Groups for Oracle Identity Manager
  • 11.4.5 Creating Users and Groups for Oracle WebLogic Server
  • 11.4.6 Disable Anonymous Binds to Oracle Virtual Directory LDAP Ports
  • 11.4.7 Set Up Oracle Virtual Directory–Oracle Identity Manager Access Control Lists
  • 11.4.8 Creating Access Control Lists in Non-Oracle Internet Directory Directories
  • 11.4.9 Updating Oracle Virtual Directory Adapters

12 Extending the Domain with Oracle Access Manager 11g

• 12.1 Introduction to Installing Oracle Access Manager
  • 12.1.1 Using Different LDAP Directory Stores
  • 12.1.2 Using Oracle Virtual Directory as the Identity Store
• 12.2 Prerequisites
• 12.3 Configuring Oracle Access Manager on IDMHOST1
  • 12.3.1 Extending Domain with Oracle Access Manager
  • 12.3.2 Removing IDM Domain Agent
  • 12.3.3 Propagating the Domain Changes to the Managed Server Domain Directory
• 12.4 Configuring Oracle Access Manager on IDMHOST2
  • 12.4.1 Deploying Oracle Access Manager on IDMHOST2
  • 12.4.2 Updating Node Manager Properties File on IDMHOST2
  • 12.4.3 Starting Oracle Access Manager Server on IDMHOST2
• 12.5 Configuring Oracle Access Manager to work with the Oracle Web Tier
  • 12.5.1 Prerequisites
  • 12.5.2 Configuring Oracle HTTP Servers to Display Login Page
  • 12.5.3 Configuring Oracle HTTP Servers to Access Oracle Access Manager Console
  • 12.5.4 Validating Accessibility
• 12.6 Configuring Oracle Access Manager
  • 12.6.1 Changing Oracle Access Manager Security Model
  • 12.6.2 Configuring Oracle Access Manager by Using the IDM Automation Tool
  • 12.6.3 Configuring Oracle Access Manager for Multidirectory Support
  • 12.6.4 Validating the Configuration
• 12.7 Updating Newly-Created Agent
• 12.8 Changing the Login Attribute.
• 12.9 Adding the oamadmin Account to Access System Administrators
• 12.10 Validating Oracle Access Manager
• 12.11 Creating Oracle Access Manager Key Store
  • 12.11.1 Creating an Empty Trust Store File Named oamclient-truststore.jks
  • 12.11.2 Importing the CA Certificate into the Trust Store
  • 12.11.3 Setting up Keystore with the SSL Certificate and Private Key file of the Access Client
• 12.12 Backing Up the Application Tier Configuration
• 12.13 Create a Protected Resource for Oracle Identity Navigator

13 Extending the Domain with Oracle Adaptive Access Manager

• 13.1 Prerequisites
• 13.2 Configuring Oracle Adaptive Access Manager on IDMHOST1
  • 13.2.1 Extending Domain for Oracle Adaptive Access Manager
  • 13.2.2 Starting Administration Server on IDMHOST1
  • 13.2.3 Creating OAAM Administration User in WebLogic Console
  • 13.2.4 Configuring Oracle Adaptive Access Manager on OAAMHOST1
• 13.3 Starting and Validating OAAMHOST1
  • 13.3.1 Creating Node Manager Properties File on OAAMHOST1
  • 13.3.2 Starting Oracle Adaptive Access Manager on OAAMHOST1
  • 13.3.3 Validating OAAMHOST1
• 13.4 Configuring Oracle Adaptive Access Manager on OAAMHOST2
  • 13.4.1 Deploying Domain on OAAMHOST2
  • 13.4.2 Starting OAAMHOST2
    • 13.4.2.1 Creating Node Manager Properties File on OAAMHOST2
    • 13.4.2.2 Starting Oracle Adaptive Access Manager on OAAMHOST2
  • 13.4.3 Validating OAAMHOST2
• 13.5 Configuring OAAM to Work with the Oracle HTTP Server
  • 13.5.1 Updating Oracle HTTP Server Configuration
  • 13.5.2 Restarting Oracle HTTP Server
  • 13.5.3 Changing Host Assertion in WebLogic
  • 13.5.4 Validating Oracle Adaptive Access Manager
• 13.6 Loading Oracle Adaptive Access Manager Seed Data
• 13.7 Backing Up the Application Tier Configuration

14 Extending the Domain with Oracle Identity Navigator

• 14.1 Extending the Domain with Oracle Identity Navigator
  • 14.1.1 Prerequisites
  • 14.1.2 Configuring Oracle Identity Navigator on IDMHOST1
  • 14.1.3 Stopping and Starting the Administration Server IDMHOST1
  • 14.1.4 Provisioning Oracle Identity Navigator on IDMHOST1
  • 14.1.5 Configuring Oracle HTTP Servers to Access OIN Console
  • 14.1.6 Validating Oracle Identity Navigator
• 14.2 Backing Up the Application Tier Configuration

15 Extending the Domain with Oracle Identity Manager

• 15.1 Prerequisites
• 15.2 Enabling Virtual IP Addresses on OIMHOST1 and OIMHOST2
• 15.3 Extending the Domain to Configure Oracle Identity Manager and Oracle SOA Suite on IDMHOST1
• 15.4 Configuring Oracle Identity Manager on IDMHOST1
• 15.5 Propagating the Oracle Identity Manager and SOA Managed Servers to OIMHOST1 and OIMHOST2
• 15.6 Post-Installation Steps on OIMHOST1
  • 15.6.1 Updating the Coherence Configuration for the SOA Managed Server
  • 15.6.2 Starting the WLS_OIM1 and WLS_SOA1 Managed Servers on OIMHOST1
  • 15.6.3 Validating Oracle Identity Manager Instance on OIMHOST1
• 15.7 Post-Installation Steps on OIMHOST2
  • 15.7.1 Starting Node Manager on OIMHOST2
  • 15.7.2 Starting the WLS_OIM2 and WLS_SOA2 Managed Servers on OIMHOST2
  • 15.7.3 Validating Oracle Identity Manager Instance on OIMHOST2
• 15.8 Modifying the Oracle Identity Manager Default System Properties for UserName Generation
• 15.9 Configuring Oracle Identity Manager to Reconcile from ID Store
• 15.10 Configuring Oracle Identity Manager to Work with the Oracle Web Tier
  • 15.10.1 Prerequisites
  • 15.10.2 Configuring Oracle HTTP Servers to Front End the Oracle Identity Manager and SOA Managed Servers
  • 15.10.3 Changing Host Assertion in WebLogic
  • 15.10.4 Validating Oracle Identity Manager Instance from the WebTier
• 15.11 Configuring a Default Persistence Store for Transaction Recovery
• 15.12 Configuring an IT Resource Instance for Email
• 15.13 Enabling Oracle Identity Manager to Connect to SOA Using the Administrative Users Provisioned in LDAP
• 15.14 Updating the Username Generation Policy for Active Directory
• 15.15 Update Oracle Identity Manager JMS Queues
• 15.16 Tuning Oracle Platform Security
• 15.17 Provisioning Users to the Enterprise Identity Store in a Multidirectory Scenario
  • 15.17.1 Creating and Importing New Rules
  • 15.17.2 Updating IT Resource for Oracle Identity Manager Integration
  • 15.17.3 Updating the Incremental Reconciliation Changelog Number
• 15.18 Backing Up the Application Tier Configuration

16 Extending the Domain with Oracle Identity Federation

• 16.1 Prerequisites
• 16.2 Configuring Oracle Identity Federation on OIFHOST1
• 16.3 Configuring Oracle Identity Federation on OIFHOST2
• 16.4 Provisioning the Managed Servers on the Local Disk
• 16.5 Validating Oracle Identity Federation
• 16.6 Configure the Enterprise Manager Agents
• 16.7 Enabling Oracle Identity Federation Integration with LDAP Servers
• 16.8 Configuring Oracle Identity Federation to work with the Oracle Web Tier
  • 16.8.1 Prerequisites
  • 16.8.2 Making Oracle Identity Federation aware of the Load Balancer
  • 16.8.3 Configuring Oracle HTTP Servers To Front End the Oracle Identity Federation Managed Servers
• 16.9 Validating Oracle Identity Federation
• 16.10 Backing Up the Application Tier Configuration

17 Setting Up Node Manager

• 17.1 About Setting Up Node Manager
• 17.2 Changing the Location of the Node Manager Log
• 17.3 Enabling Host Name Verification Certificates for Node Manager
  • 17.3.1 Generating Self-Signed Certificates Using the utils.CertGen Utility
  • 17.3.2 Creating an Identity Keystore Using the utils.ImportPrivateKey Utility
  • 17.3.3 Creating a Trust Keystore Using the Keytool Utility
  • 17.3.4 Configuring Node Manager to Use the Custom Keystores
  • 17.3.5 Starting Node Manager
  • 17.3.6 Configuring Managed WebLogic Servers to Use the Custom Keystores
  • 17.3.7 Changing the Host Name Verification Setting for the Managed Servers

18 Configuring Server Migration for Oracle Identity Manager

• 18.1 Setting Up a User and Tablespace for the Server Migration Leasing Table
• 18.2 Creating a Multi Data Source Using the Oracle WebLogic Administration Console
• 18.3 Editing Node Manager's Properties File
• 18.4 Setting Environment and Superuser Privileges for the wlsifconfig.sh Script
• 18.5 Configuring Server Migration Targets
• 18.6 Testing the Server Migration

19 Integrating Components

• 19.1 Integrating Oracle Identity Manager and Oracle Access Manager 11g
  • 19.1.1 Prerequisites
  • 19.1.2 Copying OAM Keystore Files to OIMHOST1 and OIMHOST2
  • 19.1.3 Configuring Oracle Access Manager for Oracle Identity Manager Integration
  • 19.1.4 Updating Existing LDAP Users with Required Object Classes
  • 19.1.5 Integrating Oracle Access Manager 11g with Oracle Identity Manager 11g
    • 19.1.5.1 Remove Security Providers
    • 19.1.5.2 Integrating Oracle Access Manager with Oracle Identity Manager by Using idmConfigTool
  • 19.1.6 Updating Oracle Virtual Directory Authenticator
  • 19.1.7 Manually Creating CSF Keys
  • 19.1.8 Managing the Password of the xelsysadm User
  • 19.1.9 Validating Integration
• 19.2 Integrating Oracle Adaptive Access Manager with Oracle Access Manager 11g
  • 19.2.1 Prerequisites
  • 19.2.2 Copying OAM Keystore Files to OAAMHOST1 and OAAMHOST2
  • 19.2.3 Registering OAAM as a Third Party Application
  • 19.2.4 Adding Password to IAMSuiteAgent Profile
  • 19.2.5 Validation
  • 19.2.6 Setting OAAM properties for Oracle Access Manager
  • 19.2.7 Updating Secondary Host Parameter
  • 19.2.8 Validating OAAM-Oracle Access Manager Integration
    • 19.2.8.1 Creating Oracle Adaptive Access Manager Policy Groups
    • 19.2.8.2 Creating a Resource in Oracle Access Manager
    • 19.2.8.3 Moving TAP Resource to TAP Policy
    • 19.2.8.4 Validating Oracle Adaptive Access Manager
• 19.3 Integrating Oracle Adaptive Access Manager 11g with Oracle Identity Manager 11g
  • 19.3.1 Prerequisites
  • 19.3.2 Configuring Oracle Identity Manager Encryption Keys in CSF
  • 19.3.3 Setting OAAM properties for Oracle Identity Manager
  • 19.3.4 Setting Oracle Identity Manager properties for OAAM
  • 19.3.5 Changing Domain to TAP Scheme Protection
  • 19.3.6 Restarting Oracle Adaptive Access Manager and Oracle Identity Manager
  • 19.3.7 Validating Oracle Identity Manager-OAAM Integration
• 19.4 Integrating Oracle Identity Federation with Oracle Access Manager 11g
  • 19.4.1 Prerequisites
  • 19.4.2 Integrating Oracle Identity Federation with Oracle Access Manager in Authentication Mode
    • 19.4.2.1 Creating an Authorization Policy in Oracle Access Manager
    • 19.4.2.2 Creating a Resource in Oracle Access Manager
    • 19.4.2.3 Configuring the Oracle Access Manager Authentication Engine
    • 19.4.2.4 Configuring the OSSO SP Engine
  • 19.4.3 Integrating Oracle Identity Federation with Oracle Access Manager in SP Mode
    • 19.4.3.1 Configuring the OSSO SP Engine
    • 19.4.3.2 Updating the Oracle Identity Federation Authentication Scheme in Oracle Access Manager
    • 19.4.3.3 Creating an Oracle Identity Federation Authentication Policy in Oracle Access Manager
    • 19.4.3.4 Creating a Test Page
    • 19.4.3.5 Creating a Resource in Oracle Access Manager
    • 19.4.3.6 Configuring Oracle Access Manager to Delegate Authentication to Oracle Identity Federation
  • 19.4.4 Validating Oracle Identity Federation Integration with Oracle Access Manager
    • 19.4.4.1 Generating Provider Metadata
    • 19.4.4.2 Registering the Providers
    • 19.4.4.3 Setting the Default Identity Provider
    • 19.4.4.4 Updating the Default Authentication Engine to LDAP Engine
    • 19.4.4.5 Updating the Default SSO Response Binding
    • 19.4.4.6 Validating SP Mode Configuration
    • 19.4.4.7 Updating the Default Authentication Engine to Oracle Access Manager
    • 19.4.4.8 Validating Authentication Mode Configuration
• 19.5 Auditing Identity Management

20 Configuring Single Sign-on for Administration Consoles

• 20.1 Configuring Single Sign-On for Administration Consoles with Oracle Access Manager 11g
  • 20.1.1 Prerequisites
  • 20.1.2 Creating Oracle Directory Authenticator
  • 20.1.3 Creating Oracle Access Manager Identity Asserter
• 20.2 Assigning IDM Administrators Group to Weblogic Administration Groups
• 20.3 Updating the boot.properties File
• 20.4 Restarting Servers
• 20.5 Installing and Configuring WebGate
  • 20.5.1 Prerequisites
  • 20.5.2 Making Special gcc Libraries Available
  • 20.5.3 Installing Oracle WebGate on WEBHOST1 and WEBHOST2
    • 20.5.3.1 Oracle WebGate 10g
    • 20.5.3.2 Copying Logout Page to OHS Servers
  • 20.5.4 Patching the Oracle Access Manager 10g WebGates
  • 20.5.5 Validating WebGate
  • 20.5.6 Validating the Oracle Access Manager Single Sign-On Setup

21 Managing Enterprise Deployments

• 21.1 Starting and Stopping Oracle Identity Management Components
  • 21.1.1 Startup Order
  • 21.1.2 Starting and Stopping Oracle Virtual Directory
    • 21.1.2.1 Starting Oracle Virtual Directory
    • 21.1.2.2 Stopping Oracle Virtual Directory
  • 21.1.3 Starting and Stopping Oracle Internet Directory
    • 21.1.3.1 Starting Oracle Internet Directory
    • 21.1.3.2 Stopping Oracle Internet Directory
  • 21.1.4 Starting, Stopping, and Restarting Oracle HTTP Server
    • 21.1.4.1 Starting Oracle HTTP Server
    • 21.1.4.2 Stopping Oracle HTTP Server
    • 21.1.4.3 Restarting Oracle HTTP Server
  • 21.1.5 Starting and Stopping Node Manager
    • 21.1.5.1 Starting Node Manager
    • 21.1.5.2 Stopping Node Manager
    • 21.1.5.3 Starting Node Manager for an Administration Server
  • 21.1.6 Starting, Stopping, and Restarting WebLogic Administration Server
    • 21.1.6.1 Starting WebLogic Administration Server
    • 21.1.6.2 Stopping WebLogic Administration Server
    • 21.1.6.3 Restarting WebLogic Administration Server
  • 21.1.7 Starting, Stopping, and Restarting Oracle Identity Manager
    • 21.1.7.1 Starting Oracle Identity Manager
    • 21.1.7.2 Stopping Oracle Identity Manager
    • 21.1.7.3 Restarting Oracle Identity Manager
  • 21.1.8 Starting, Stopping, and Restarting Oracle Access Manager Managed Servers
    • 21.1.8.1 Starting Oracle Access Manager Managed Servers
    • 21.1.8.2 Stopping Oracle Access Manager Managed Servers
    • 21.1.8.3 Restarting Oracle Access Manager Managed Servers
  • 21.1.9 Starting, Stopping, and Restarting Oracle Adaptive Access Manager Managed Servers
    • 21.1.9.1 Starting Oracle Adaptive Access Manager Managed Servers
    • 21.1.9.2 Stopping Oracle Adaptive Access Manager Managed Servers
    • 21.1.9.3 Restarting Oracle Adaptive Access Manager Managed Servers
  • 21.1.10 Starting and Stopping Oracle Identity Federation Managed Servers
    • 21.1.10.1 Starting Oracle Identity Federation
    • 21.1.10.2 Stopping Oracle Identity Federation
    • 21.1.10.3 Restarting Oracle Identity Federation
    • 21.1.10.4 Starting the Oracle Identity Federation Instances and EMAgent
    • 21.1.10.5 Stopping the Oracle Identity Federation Instances and EMAgent
• 21.2 Monitoring Enterprise Deployments
  • 21.2.1 Monitoring Oracle Internet Directory
    • 21.2.1.1 Oracle Internet Directory Component Names Assigned by Oracle Identity Manager Installer
  • 21.2.2 Monitoring Oracle Virtual Directory
  • 21.2.3 Monitoring Oracle Directory Integration Platform
  • 21.2.4 Monitoring WebLogic Managed Servers
• 21.3 Scaling Enterprise Deployments
  • 21.3.1 Scaling Up the Topology
    • 21.3.1.1 Scaling Up the Directory Tier
      • 21.3.1.1.1 Scaling Up Oracle Internet Directory
      • 21.3.1.1.2 Scaling Up Oracle Virtual Directory
    • 21.3.1.2 Scaling Up the Application Tier
      • 21.3.1.2.1 Scaling Up Oracle Directory Integration Platform and ODSM
      • 21.3.1.2.2 Scaling Up Oracle Access Manager 11g
      • 21.3.1.2.3 Scaling Up Oracle Adaptive Access Manager
      • 21.3.1.2.4 Scaling Up Oracle Identity Manager (Adding Managed Servers to Existing Nodes)
    • 21.3.1.3 Scaling Up Oracle Identity Federation
    • 21.3.1.4 Scaling Up the Web Tier
  • 21.3.2 Scaling Out the Topology
    • 21.3.2.1 Scaling Out the Directory Tier
      • 21.3.2.1.1 Scaling Out Oracle Internet Directory
      • 21.3.2.1.2 Scaling Out Oracle Virtual Directory
    • 21.3.2.2 Scaling Out the Application Tier
      • 21.3.2.2.1 Scaling Out Oracle Identity Federation
      • 21.3.2.2.2 Scaling Out Oracle Directory Integration Platform and ODSM
      • 21.3.2.2.3 Scaling Out Oracle Access Manager 11g
      • 21.3.2.2.4 Scaling Out Oracle Adaptive Access Manager
      • 21.3.2.2.5 Scaling Out Oracle Identity Manager (Adding Managed Servers to New Nodes)
    • 21.3.2.3 Scaling Out the Web Tier
• 21.4 Performing Backups and Recoveries
• 21.5 Patching Enterprise Deployments
  • 21.5.1 Patching an Oracle Fusion Middleware Source File
  • 21.5.2 Patching Identity Management Components
• 21.6 Troubleshooting
  • 21.6.1 Troubleshooting Oracle Internet Directory
  • 21.6.2 Troubleshooting Oracle Virtual Directory
  • 21.6.3 Troubleshooting Oracle Directory Integration Platform
  • 21.6.4 Troubleshooting Oracle Directory Services Manager
  • 21.6.5 Troubleshooting Oracle Access Manager 11g
    • 21.6.5.1 User Reaches the Maximum Allowed Number of Sessions
    • 21.6.5.2 Policies Do Not Get Created When Oracle Access Manager is First Installed
    • 21.6.5.3 You Are Not Prompted for Credentials After Accessing a Protected Resource
  • 21.6.6 Troubleshooting Oracle Identity Manager
  • 21.6.7 Troubleshooting Oracle Identity Federation
• 21.7 Other Recommendations
  • 21.7.1 Preventing Timeouts for SQL*Net Connections

Index